bundles/cron: use MAILTO=, rework metadata syntax

2022-02-05 11:41:41 +01:00 · 2022-02-05 11:41:41 +01:00 · 0d865c93d4
parent 533f8075ca
commit 0d865c93d4
22 changed files with 113 additions and 65 deletions
--- a/bundles/apt/files/check_unattended_upgrades
+++ b/bundles/apt/files/check_unattended_upgrades
@ -21,8 +21,6 @@ case "$exitcode" in
        echo "Upgrades skipped due to active SSH login"
        exit 1
        ;;
-    reboot)
-        ;;
    0)
        if [[ -f /var/run/reboot-required ]]
        then
--- a/bundles/apt/metadata.py
+++ b/bundles/apt/metadata.py
@ -18,7 +18,7 @@ defaults = {


@metadata_reactor.provides(
-    'cron/upgrade-and-reboot'
+    'cron/jobs/upgrade-and-reboot'
 )
 def patchday(metadata):
    day = metadata.get('apt/unattended-upgrades/day')
@ -26,10 +26,12 @@ def patchday(metadata):

    return {
        'cron': {
-            'upgrade-and-reboot': '{minute} {hour} * * {day}    root    /usr/local/sbin/upgrade-and-reboot'.format(
-                minute=node.magic_number % 30,
-                hour=hour,
-                day=day,
-            ),
+            'jobs': {
+                'upgrade-and-reboot': '{minute} {hour} * * {day}    root    /usr/local/sbin/upgrade-and-reboot'.format(
+                    minute=node.magic_number % 30,
+                    hour=hour,
+                    day=day,
+                ),
+            },
        },
    }
--- a/bundles/backup-client/metadata.py
+++ b/bundles/backup-client/metadata.py
@ -10,7 +10,7 @@ defaults = {


@metadata_reactor.provides(
-    'cron/backup',
+    'cron/jobs/backup',
    'icinga2_api/backup-client/services',
 )
 def cron(metadata):
@ -19,11 +19,13 @@ def cron(metadata):

    return {
        'cron': {
+            'jobs': {
            # spread backups between 00:00 and 04:59 UTC
-            'backup': '{} {} * * *    root    /usr/local/bin/generate-backup-with-retries'.format(
-                (node.magic_number % 60),
-                (node.magic_number % 4),
-            ),
+                'backup': '{} {} * * *    root    /usr/local/bin/generate-backup-with-retries'.format(
+                    (node.magic_number % 60),
+                    (node.magic_number % 4),
+                ),
+            },
        },
        'icinga2_api': {
            'backup-client': {
--- a/bundles/c3voc-addons/items.py
+++ b/bundles/c3voc-addons/items.py
@ -91,7 +91,7 @@ files = {
    },
 }

-for crontab, content in node.metadata.get('cron', {}).items():
+for crontab, content in node.metadata.get('cron/jobs', {}).items():
    files['/etc/cron.d/{}'.format(crontab)] = {
        'source': 'cron_template',
        'content_type': 'mako',
--- a/bundles/c3voc-addons/metadata.py
+++ b/bundles/c3voc-addons/metadata.py
@ -33,11 +33,13 @@ def patchday(metadata):

    return {
        'cron': {
-            'upgrade-and-reboot': '{minute} {hour} * * {day}    root    /usr/local/sbin/upgrade-and-reboot'.format(
-                minute=node.magic_number % 30,
-                hour=hour,
-                day=day,
-            ),
+            'jobs': {
+                'upgrade-and-reboot': '{minute} {hour} * * {day}    root    /usr/local/sbin/upgrade-and-reboot'.format(
+                    minute=node.magic_number % 30,
+                    hour=hour,
+                    day=day,
+                ),
+            },
        },
    }

--- a/bundles/check-mail-received/metadata.py
+++ b/bundles/check-mail-received/metadata.py
@ -1,5 +1,5 @@
@metadata_reactor.provides(
-    'cron/check-mail-received',
+    'cron/jobs/check-mail-received',
    'icinga2_api/check-mail-received/services',
 )
 def process_metadata(metadata):
@ -30,7 +30,9 @@ def process_metadata(metadata):

    return {
        'cron': {
-            'check-mail-received': '\n'.join(sorted(cron)),
+            'jobs': {
+                'check-mail-received': '\n'.join(sorted(cron)),
+            },
        },
        'icinga2_api': {
            'check-mail-received': {
--- a/bundles/cron/files/cron_template
+++ b/bundles/cron/files/cron_template
@ -3,5 +3,6 @@

 SHELL=/bin/sh
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=${node.metadata.get('cron/mail_to', repo.libs.defaults.hostmaster_email)}

 ${cron}
--- a/bundles/cron/files/crontab
+++ b/bundles/cron/files/crontab
@ -3,6 +3,7 @@

 SHELL=/bin/sh
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=${node.metadata.get('cron/mail_to', repo.libs.defaults.hostmaster_email)}

 ${min} *    * * *   root    cd / && run-parts --report /etc/cron.hourly
 ${min} 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
--- a/bundles/cron/items.py
+++ b/bundles/cron/items.py
@ -31,7 +31,7 @@ svc_systemd = {
    },
 }

-for crontab, content in node.metadata.get('cron', {}).items():
+for crontab, content in node.metadata.get('cron/jobs', {}).items():
    files['/etc/cron.d/{}'.format(crontab)] = {
        'source': 'cron_template',
        'content_type': 'mako',
--- a/bundles/letsencrypt/metadata.py
+++ b/bundles/letsencrypt/metadata.py
@ -13,10 +13,6 @@ defaults = {
            },
        },
    },
-    'cron': {
-        'letsencrypt_renew': '{} 4 * * *    root    /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null'.format((node.magic_number % 60)),
-        'letsencrypt_cleanup': '{} 4 * * 0    root    /usr/bin/dehydrated --cleanup > /dev/null'.format((node.magic_number % 60)),
-    },
    'pacman': {
        'packages': {
            'dehydrated': {
@ -27,3 +23,21 @@ defaults = {
        },
    },
 }
+
+
+@metadata_reactor.provides(
+    'cron/jobs/letsencrypt',
+)
+def cron(metadata):
+    if node.metadata.get('letsencrypt/domains'):
+        return {
+            'cron': {
+                'jobs': {
+                    'letsencrypt': '\n'.join([
+                        '{} 4 * * *    root    /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null'.format((node.magic_number % 60)),
+                        '{} 4 * * 0    root    /usr/bin/dehydrated --cleanup > /dev/null'.format((node.magic_number % 60)),
+                    ]),
+                },
+            },
+        }
+    return {}
--- a/bundles/netbox/metadata.py
+++ b/bundles/netbox/metadata.py
@ -22,10 +22,12 @@ defaults = {
        },
    },
    'cron': {
-        'netbox': '{m} {h} * * *    netbox    /opt/netbox/venv/bin/python /opt/netbox/src/netbox/manage.py housekeeping'.format(
-            m=node.magic_number%60,
-            h=node.magic_number%4,
-        ),
+        'jobs': {
+            'netbox': '{m} {h} * * *    netbox    /opt/netbox/venv/bin/python /opt/netbox/src/netbox/manage.py housekeeping'.format(
+                m=node.magic_number%60,
+                h=node.magic_number%4,
+            ),
+        },
    },
    'postgresql': {
        'databases': {
--- a/bundles/pppd/metadata.py
+++ b/bundles/pppd/metadata.py
@ -9,7 +9,9 @@ defaults = {
        },
    },
    'cron': {
-        'restart-pppoe-if-no-public-ip': '*/5 * * * *    root    /usr/local/bin/restart-pppoe-if-no-public-ip',
+        'jobs': {
+            'restart-pppoe-if-no-public-ip': '*/5 * * * *    root    /usr/local/bin/restart-pppoe-if-no-public-ip',
+        },
    },
    'icinga2_api': {
        'pppd': {
--- a/bundles/rspamd/metadata.py
+++ b/bundles/rspamd/metadata.py
@ -45,7 +45,9 @@ defaults = {
        },
    },
    'cron': {
-        'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * *    clamav    /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1',
+        'jobs': {
+            'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * *    clamav    /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1',
+        },
    },
    'postfix': {
        'aliases': {
--- a/bundles/scansnap/metadata.py
+++ b/bundles/scansnap/metadata.py
@ -14,7 +14,9 @@ defaults = {
        },
    },
    'cron': {
-        # Automatically remove files which are older than 14 days
-        'scansnap_cleanup': '00 00 * * *    root    /usr/bin/find /srv/scansnap/ -mindepth 1 -mtime +14 -delete',
+        'jobs': {
+            # Automatically remove files which are older than 14 days
+            'scansnap_cleanup': '00 00 * * *    root    /usr/bin/find /srv/scansnap/ -mindepth 1 -mtime +14 -delete',
+        },
    },
 }
--- a/bundles/smartd/metadata.py
+++ b/bundles/smartd/metadata.py
@ -83,7 +83,7 @@ def telegraf(metadata):


@metadata_reactor.provides(
-    'cron/smartd',
+    'cron/jobs/smartd',
 )
 def monthly_long_test(metadata):
    lines = set()
@ -96,6 +96,8 @@ def monthly_long_test(metadata):

    return {
        'cron': {
-            'smartd': '\n'.join(sorted(lines)),
+            'jobs': {
+                'smartd': '\n'.join(sorted(lines)),
+            },
        },
    }
--- a/bundles/unbound/metadata.py
+++ b/bundles/unbound/metadata.py
@ -8,12 +8,14 @@ defaults = {
        },
    },
    'cron': {
-        'unbound_refresh_root-hints': '{} {} * * {}    root    wget -q -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root'.format(
-            node.magic_number%60,
-            node.magic_number%24,
-            node.magic_number%7,
-        ),
-        'unbound-auto-restart': '* * * * *    root    /usr/local/sbin/unbound-auto-restart',
+        'jobs': {
+            'unbound_refresh_root-hints': '{} {} * * {}    root    wget -q -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root'.format(
+                node.magic_number%60,
+                node.magic_number%24,
+                node.magic_number%7,
+            ),
+            'unbound-auto-restart': '* * * * *    root    /usr/local/sbin/unbound-auto-restart',
+        },
    },
    'nameservers': {
        '127.0.0.1',
--- a/bundles/zfs/metadata.py
+++ b/bundles/zfs/metadata.py
@ -35,10 +35,12 @@ defaults = {
        },
    },
    'cron': {
-        'zfs-auto-snapshot-daily': '0 0 * * * root /usr/local/sbin/zfs-auto-snapshot daily',
-        'zfs-auto-snapshot-hourly': '0 * * * * root /usr/local/sbin/zfs-auto-snapshot hourly',
-        'zfs-auto-snapshot-monthly': '0 0 1 * * root /usr/local/sbin/zfs-auto-snapshot monthly',
-        'zfs-auto-snapshot-weekly': '0 0 * * 7 root /usr/local/sbin/zfs-auto-snapshot weekly',
+        'jobs': {
+            'zfs-auto-snapshot-daily': '0 0 * * * root /usr/local/sbin/zfs-auto-snapshot daily',
+            'zfs-auto-snapshot-hourly': '0 * * * * root /usr/local/sbin/zfs-auto-snapshot hourly',
+            'zfs-auto-snapshot-monthly': '0 0 1 * * root /usr/local/sbin/zfs-auto-snapshot monthly',
+            'zfs-auto-snapshot-weekly': '0 0 * * 7 root /usr/local/sbin/zfs-auto-snapshot weekly',
+        },
    },
    'icinga2_api': {
        'zfs': {
@ -103,13 +105,15 @@ if node.has_bundle('telegraf'):


@metadata_reactor.provides(
-    'cron/zfs-scrub',
+    'cron/jobs/zfs-scrub',
 )
 def zfs_scrub_cronjob(metadata):
    when = metadata.get('zfs/scrub/cron', '{} 0 * * sun'.format((node.magic_number % 60)))
    return {
        'cron': {
-            'zfs-scrub': '{} root /usr/lib/zfs-linux/scrub'.format(when),
+            'jobs': {
+                'zfs-scrub': '{} root /usr/lib/zfs-linux/scrub'.format(when),
+            },
        },
    }

--- a/nodes/home/nas.py
+++ b/nodes/home/nas.py
@ -59,15 +59,17 @@ nodes['home.nas'] = {
        #    'zfs-base': 'storage/backups',
        #},
        'cron': {
-            # Ensure every user is able to read and write to the NAS dataset.
-            'nas_permissions': '0 3 * * *    root    '
-                'chown -R :nas /storage/nas/ && '
-                'find /storage/nas/ -type d -exec chmod 0775 {} \; && '
-                'find /storage/nas/ -type f -exec chmod 0664 {} \;',
-            'nas_mixcloud': vault.decrypt('encrypt$gAAAAABgxFkM0Zd8SOhk8aK_zsUY5S39FvyxvEq9TVnAK-ryn9qjrpziqUgNyPXFQBSUHPCV5DX6CW6iSQFGO54truPoaymdHFwchWh3u6bOar_h8x3er3I=').format_into(
-                '0 2 * * *    kunsi    '
-                'cd /storage/nas/Musik/Compilations && '
-                'wget --mirror --page-requisites --convert-links --domains {0} --execute robots=off https://{0}/'),
+            'jobs': {
+                # Ensure every user is able to read and write to the NAS dataset.
+                'nas_permissions': '0 3 * * *    root    '
+                    'chown -R :nas /storage/nas/ && '
+                    'find /storage/nas/ -type d -exec chmod 0775 {} \; && '
+                    'find /storage/nas/ -type f -exec chmod 0664 {} \;',
+                'nas_mixcloud': vault.decrypt('encrypt$gAAAAABgxFkM0Zd8SOhk8aK_zsUY5S39FvyxvEq9TVnAK-ryn9qjrpziqUgNyPXFQBSUHPCV5DX6CW6iSQFGO54truPoaymdHFwchWh3u6bOar_h8x3er3I=').format_into(
+                    '0 2 * * *    kunsi    '
+                    'cd /storage/nas/Musik/Compilations && '
+                    'wget --mirror --page-requisites --convert-links --domains {0} --execute robots=off https://{0}/'),
+            },
        },
        'groups': {
            'nas': {},
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@ -47,11 +47,13 @@ nodes['home.router'] = {
            },
        },
        'cron': {
-            # Our internet provider resets the connection if you're
-            # connected longer than 24 hours. We install this cronjob
-            # to make sure we don't get disconnected randomly during the
-            # day.
-            'restart_pppd': '23 2 * * *    root    systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
+            'jobs': {
+                # Our internet provider resets the connection if you're
+                # connected longer than 24 hours. We install this cronjob
+                # to make sure we don't get disconnected randomly during the
+                # day.
+                'restart_pppd': '23 2 * * *    root    systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
+            },
        },
        'dhcpd': {
            'subnets': {
--- a/nodes/htz-cloud/luther.py
+++ b/nodes/htz-cloud/luther.py
@ -37,7 +37,9 @@ nodes['htz-cloud.luther'] = {
            },
        },
        'cron': {
-            'luther-ps': vault.decrypt('encrypt$gAAAAABfnUqTXXpUYCA2DxllTKgbKg6YguCBbguJ0rerFGi9UNxEuTO6eqReqraS9FzNmLl81S_20bYwXM5W8pNwV5I5i6BVz1M37TxdsMCAxMG-9G0ZHFXeE4K5a4MWxuyYkrVPtK_hNFOciwxDDwPYT8tH_Jahdqmr8fZcCcsICzsSOxycn89VEm2ODnfH24Azrj6mVq5cPMc_xkdWnn-dSMCvPXpjjg==').format_into('*/10 * * * *    www-data    /usr/bin/curl -s {}'),
+            'jobs': {
+                'luther-ps': vault.decrypt('encrypt$gAAAAABfnUqTXXpUYCA2DxllTKgbKg6YguCBbguJ0rerFGi9UNxEuTO6eqReqraS9FzNmLl81S_20bYwXM5W8pNwV5I5i6BVz1M37TxdsMCAxMG-9G0ZHFXeE4K5a4MWxuyYkrVPtK_hNFOciwxDDwPYT8tH_Jahdqmr8fZcCcsICzsSOxycn89VEm2ODnfH24Azrj6mVq5cPMc_xkdWnn-dSMCvPXpjjg==').format_into('*/10 * * * *    www-data    /usr/bin/curl -s {}'),
+            },
        },
        'icinga_options': {
            'pretty_name': 'Lutherkirchengemeinde Pirmasens',
--- a/nodes/htz-cloud/pleroma.py
+++ b/nodes/htz-cloud/pleroma.py
@ -34,7 +34,9 @@ nodes['htz-cloud.pleroma'] = {
            'pretty_name': 'cybert-media.net',
        },
        'cron': {
-            'auto-authorize-sm-users': '* * * * *    root    echo "UPDATE users SET approval_pending=false WHERE email LIKE \'\\%@seibert-media.net\' AND approval_pending=true;" | psql pleroma >/dev/null',
+            'jobs': {
+                'auto-authorize-sm-users': '* * * * *    root    echo "UPDATE users SET approval_pending=false WHERE email LIKE \'\\%@seibert-media.net\' AND approval_pending=true;" | psql pleroma >/dev/null',
+            },
        },
        'nginx': {
            'vhosts': {
--- a/nodes/rx300.py
+++ b/nodes/rx300.py
@ -95,7 +95,9 @@ nodes['rx300'] = {
            },
        },
        'cron': {
-            'cleanup-paste.franzi.business': '0 0 * * *    kunsi    /usr/bin/find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;',
+            'jobs': {
+                'cleanup-paste.franzi.business': '0 0 * * *    kunsi    /usr/bin/find /var/www/paste.franzi.business/ -maxdepth 1 -type d -mtime +60 -exec rm -r {} \;',
+            },
        },
        'check-mail-received': {
            't-online': {